Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-0786: SQL Injection in Kivicare

CWE-89: SQL Injection (5 documents, 5 sources)
Severity
9.8 CRITICAL (NVD)
EPSS
66.6%
top 1.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jun 13
Latest update: Jun 14

Description

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

NVD: iqonic/kivicare < 2.3.9

🔴 Vulnerability Details (3)
GHSA
GHSA-79q2-v554-rhr4 (2022-06-14): The KiviCare WordPress plugin before 2
CVEList
KiviCare < 2.3.9 - Unauthenticated SQLi (2022-06-13)
VulnCheck
iqonic kivicare Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (2022)

💥 Exploits & PoCs (1)
Nuclei
WordPress KiviCare <2.3.9 - SQL Injection
CVE-2022-0786 — SQL Injection in Iqonic Kivicare | cvebase